Virtual Event
August 17–August 20, 2020

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2020 - Virtual to participate in the sessions. If you have not registered but would like to join us, please register here.

Wednesday, August 19 • 13:00 - 13:35
Where Are Your Images Running? Stop Worrying and Start Encrypting! - Brandon Lum & Harshal Patil, IBM

Container image signing has made it possible for cluster operators to cryptographically verify that images are trusted. However, the same cannot be said of whether the nodes that run these images are trusted to view and use the contents of these images. This can be particularly important if compliance requires knowledge of WHERE a container image is running.

In this talk, we will show how DevOps, trust bootstrapping, and key management, in conjunction with container image encryption, can achieve geofencing of execution. We will demo the new encrypted container images worker node model in containerd and cri-o working in such a context. In addition, we will explore how to bootstrap node trust, from simple setups to advanced key distribution using HW Root of Trust/TPM technologies like Keylime.

At the end, one should be able to “create an image that is only usable by clusters in the EU region”.


Harshal Patil

Advisory Systems Software Engineer, IBM
Harshal is an Open Source developer working on Kubernetes and Runtimes. At IBM Power Systems, he designs and implements container architectures focused on security that take advantage of Power's unique hardware features. In the container ecosystem, Harshal’s contributions span from...

Brandon Lum

Senior Software Engineer, IBM
Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). He enjoys tackling both technical and business challenges and has a side interest in organizational behavior and leadership. At IBM Research...

Wednesday August 19, 2020 13:00 - 13:35 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey99259